eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5

Analysis

max time kernel
37s
max time network
41s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/10/2022, 05:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe
Size

374KB
MD5

09319094be9b06d32a58e1d9a7b0061d
SHA1

8faf7cd689f39bb8d001362879f95dc7b3b60a4f
SHA256

eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5
SHA512

c1e739c4f1be8a5249ea3d10a762e6ae5e90763117b189114043a63dc8b60b8fb89698e4e864b5d471b1b2cfb6a652899e380c4402611d4da4557b8417bfd11e
SSDEEP

6144:NHwhVh7xJYe8Rb925eeZHswgXNRT60q1hqgMvnKgnY4RTPqAQS9PbC4d:NHwhDZMbAM7LJqXq9KgnY4kAF9Pe4d

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 20 IoCs

pid	Process
1452	eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe
1452	eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe
1452	eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe
1452	eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe
1452	eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe
1452	eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe
1452	eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe
1452	eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe
1452	eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe
1452	eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe
1452	eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe
1452	eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe
1452	eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe
1452	eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe
1452	eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe
1452	eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe
1452	eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe
1452	eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe
1452	eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe
1452	eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1452 set thread context of 1116	1452	eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe	26

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1452 wrote to memory of 1116	1452	eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe	26
PID 1452 wrote to memory of 1116	1452	eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe	26
PID 1452 wrote to memory of 1116	1452	eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe	26
PID 1452 wrote to memory of 1116	1452	eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe	26
PID 1452 wrote to memory of 1116	1452	eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe	26
PID 1452 wrote to memory of 1116	1452	eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe	26

C:\Users\Admin\AppData\Local\Temp\eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe
"C:\Users\Admin\AppData\Local\Temp\eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1452
- C:\Users\Admin\AppData\Local\Temp\eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe
  C:\Users\Admin\AppData\Local\Temp\eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe
  2⤵
  PID:1116

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\2.0.0.2\cd.dll

Filesize
52KB

MD5
536995ca3f9da1bc6aaa900948e0314f

SHA1
cdd6b8b8cece3b905b9d18242724136c6ab2013c

SHA256
24b3c94761a8b726fc91944fd25f64406b39dd4d9414ef333899321471cdf922

SHA512
d502b7f83ad48ec49bd94699545ebca636c374f6d89b2d1f230bfff0ead0153e61c5347febebd22ff1fc2918555b90a0212291eb9cb668b9132fc774243658a9

Download Submit
\Users\Admin\AppData\Local\Temp\2.0.0.2\cd.dll

Filesize
52KB

MD5
536995ca3f9da1bc6aaa900948e0314f

SHA1
cdd6b8b8cece3b905b9d18242724136c6ab2013c

SHA256
24b3c94761a8b726fc91944fd25f64406b39dd4d9414ef333899321471cdf922

SHA512
d502b7f83ad48ec49bd94699545ebca636c374f6d89b2d1f230bfff0ead0153e61c5347febebd22ff1fc2918555b90a0212291eb9cb668b9132fc774243658a9

Download Submit
\Users\Admin\AppData\Local\Temp\2.0.0.2\cd.dll

Filesize
52KB

MD5
536995ca3f9da1bc6aaa900948e0314f

SHA1
cdd6b8b8cece3b905b9d18242724136c6ab2013c

SHA256
24b3c94761a8b726fc91944fd25f64406b39dd4d9414ef333899321471cdf922

SHA512
d502b7f83ad48ec49bd94699545ebca636c374f6d89b2d1f230bfff0ead0153e61c5347febebd22ff1fc2918555b90a0212291eb9cb668b9132fc774243658a9

Download Submit
\Users\Admin\AppData\Local\Temp\2.0.0.2\cd.dll

Filesize
52KB

MD5
536995ca3f9da1bc6aaa900948e0314f

SHA1
cdd6b8b8cece3b905b9d18242724136c6ab2013c

SHA256
24b3c94761a8b726fc91944fd25f64406b39dd4d9414ef333899321471cdf922

SHA512
d502b7f83ad48ec49bd94699545ebca636c374f6d89b2d1f230bfff0ead0153e61c5347febebd22ff1fc2918555b90a0212291eb9cb668b9132fc774243658a9

Download Submit
\Users\Admin\AppData\Local\Temp\2.0.0.2\cd.dll

Filesize
52KB

MD5
536995ca3f9da1bc6aaa900948e0314f

SHA1
cdd6b8b8cece3b905b9d18242724136c6ab2013c

SHA256
24b3c94761a8b726fc91944fd25f64406b39dd4d9414ef333899321471cdf922

SHA512
d502b7f83ad48ec49bd94699545ebca636c374f6d89b2d1f230bfff0ead0153e61c5347febebd22ff1fc2918555b90a0212291eb9cb668b9132fc774243658a9

Download Submit
\Users\Admin\AppData\Local\Temp\2.0.0.2\cd.dll

Filesize
52KB

MD5
536995ca3f9da1bc6aaa900948e0314f

SHA1
cdd6b8b8cece3b905b9d18242724136c6ab2013c

SHA256
24b3c94761a8b726fc91944fd25f64406b39dd4d9414ef333899321471cdf922

SHA512
d502b7f83ad48ec49bd94699545ebca636c374f6d89b2d1f230bfff0ead0153e61c5347febebd22ff1fc2918555b90a0212291eb9cb668b9132fc774243658a9

Download Submit
\Users\Admin\AppData\Local\Temp\2.0.0.2\cd.dll

Filesize
52KB

MD5
536995ca3f9da1bc6aaa900948e0314f

SHA1
cdd6b8b8cece3b905b9d18242724136c6ab2013c

SHA256
24b3c94761a8b726fc91944fd25f64406b39dd4d9414ef333899321471cdf922

SHA512
d502b7f83ad48ec49bd94699545ebca636c374f6d89b2d1f230bfff0ead0153e61c5347febebd22ff1fc2918555b90a0212291eb9cb668b9132fc774243658a9

Download Submit
\Users\Admin\AppData\Local\Temp\2.0.0.2\cd.dll

Filesize
52KB

MD5
536995ca3f9da1bc6aaa900948e0314f

SHA1
cdd6b8b8cece3b905b9d18242724136c6ab2013c

SHA256
24b3c94761a8b726fc91944fd25f64406b39dd4d9414ef333899321471cdf922

SHA512
d502b7f83ad48ec49bd94699545ebca636c374f6d89b2d1f230bfff0ead0153e61c5347febebd22ff1fc2918555b90a0212291eb9cb668b9132fc774243658a9

Download Submit
\Users\Admin\AppData\Local\Temp\2.0.0.2\le.dll

Filesize
76KB

MD5
e2ed22dc9aa028788bd7739eabf11a45

SHA1
a0c50e0b40f7e6dad07d076309b0833c0d5c467c

SHA256
711e3f81f848e7960ac52cf55683422dd7400f3f879e451445d29af656f41349

SHA512
75d5a3c3df48745513ca56b58e87a5cebe061cd22364d10be9c42ecb96f1391df694816e6f72f72d44f2b0ed7ace725362af039d39ced859bc19860da0244e3f

Download Submit
\Users\Admin\AppData\Local\Temp\2.0.0.2\le.dll

Filesize
76KB

MD5
e2ed22dc9aa028788bd7739eabf11a45

SHA1
a0c50e0b40f7e6dad07d076309b0833c0d5c467c

SHA256
711e3f81f848e7960ac52cf55683422dd7400f3f879e451445d29af656f41349

SHA512
75d5a3c3df48745513ca56b58e87a5cebe061cd22364d10be9c42ecb96f1391df694816e6f72f72d44f2b0ed7ace725362af039d39ced859bc19860da0244e3f

Download Submit
\Users\Admin\AppData\Local\Temp\2.0.0.2\le.dll

Filesize
76KB

MD5
e2ed22dc9aa028788bd7739eabf11a45

SHA1
a0c50e0b40f7e6dad07d076309b0833c0d5c467c

SHA256
711e3f81f848e7960ac52cf55683422dd7400f3f879e451445d29af656f41349

SHA512
75d5a3c3df48745513ca56b58e87a5cebe061cd22364d10be9c42ecb96f1391df694816e6f72f72d44f2b0ed7ace725362af039d39ced859bc19860da0244e3f

Download Submit
\Users\Admin\AppData\Local\Temp\2.0.0.2\le.dll

Filesize
76KB

MD5
e2ed22dc9aa028788bd7739eabf11a45

SHA1
a0c50e0b40f7e6dad07d076309b0833c0d5c467c

SHA256
711e3f81f848e7960ac52cf55683422dd7400f3f879e451445d29af656f41349

SHA512
75d5a3c3df48745513ca56b58e87a5cebe061cd22364d10be9c42ecb96f1391df694816e6f72f72d44f2b0ed7ace725362af039d39ced859bc19860da0244e3f

Download Submit
\Users\Admin\AppData\Local\Temp\2.0.0.2\le.dll

Filesize
76KB

MD5
e2ed22dc9aa028788bd7739eabf11a45

SHA1
a0c50e0b40f7e6dad07d076309b0833c0d5c467c

SHA256
711e3f81f848e7960ac52cf55683422dd7400f3f879e451445d29af656f41349

SHA512
75d5a3c3df48745513ca56b58e87a5cebe061cd22364d10be9c42ecb96f1391df694816e6f72f72d44f2b0ed7ace725362af039d39ced859bc19860da0244e3f

Download Submit
\Users\Admin\AppData\Local\Temp\2.0.0.2\le.dll

Filesize
76KB

MD5
e2ed22dc9aa028788bd7739eabf11a45

SHA1
a0c50e0b40f7e6dad07d076309b0833c0d5c467c

SHA256
711e3f81f848e7960ac52cf55683422dd7400f3f879e451445d29af656f41349

SHA512
75d5a3c3df48745513ca56b58e87a5cebe061cd22364d10be9c42ecb96f1391df694816e6f72f72d44f2b0ed7ace725362af039d39ced859bc19860da0244e3f

Download Submit
\Users\Admin\AppData\Local\Temp\2.0.0.2\le.dll

Filesize
76KB

MD5
e2ed22dc9aa028788bd7739eabf11a45

SHA1
a0c50e0b40f7e6dad07d076309b0833c0d5c467c

SHA256
711e3f81f848e7960ac52cf55683422dd7400f3f879e451445d29af656f41349

SHA512
75d5a3c3df48745513ca56b58e87a5cebe061cd22364d10be9c42ecb96f1391df694816e6f72f72d44f2b0ed7ace725362af039d39ced859bc19860da0244e3f

Download Submit
\Users\Admin\AppData\Local\Temp\2.0.0.2\le.dll

Filesize
76KB

MD5
e2ed22dc9aa028788bd7739eabf11a45

SHA1
a0c50e0b40f7e6dad07d076309b0833c0d5c467c

SHA256
711e3f81f848e7960ac52cf55683422dd7400f3f879e451445d29af656f41349

SHA512
75d5a3c3df48745513ca56b58e87a5cebe061cd22364d10be9c42ecb96f1391df694816e6f72f72d44f2b0ed7ace725362af039d39ced859bc19860da0244e3f

Download Submit
\Users\Admin\AppData\Local\Temp\2.0.0.2\le.dll

Filesize
76KB

MD5
e2ed22dc9aa028788bd7739eabf11a45

SHA1
a0c50e0b40f7e6dad07d076309b0833c0d5c467c

SHA256
711e3f81f848e7960ac52cf55683422dd7400f3f879e451445d29af656f41349

SHA512
75d5a3c3df48745513ca56b58e87a5cebe061cd22364d10be9c42ecb96f1391df694816e6f72f72d44f2b0ed7ace725362af039d39ced859bc19860da0244e3f

Download Submit
\Users\Admin\AppData\Local\Temp\2.0.0.2\lz.dll

Filesize
76KB

MD5
91c0047d4d099d7c02049d92be5c2947

SHA1
dedb1ab7e3d765811b79154e4e9ad1370de60675

SHA256
0bf85a42e4d249152efa5da883ea0245b9b699c142a8bd19d31584c35591b080

SHA512
4041e240fcc3998c9fe3ecfbe198f8f5642561c9875304c273eca08b308c9239b5119e35e314825d8d6b593d2415e7c4ca7fc00fcb7220b22dab0a1191dcf16a

Download Submit
\Users\Admin\AppData\Local\Temp\2.0.0.2\lz.dll

Filesize
76KB

MD5
91c0047d4d099d7c02049d92be5c2947

SHA1
dedb1ab7e3d765811b79154e4e9ad1370de60675

SHA256
0bf85a42e4d249152efa5da883ea0245b9b699c142a8bd19d31584c35591b080

SHA512
4041e240fcc3998c9fe3ecfbe198f8f5642561c9875304c273eca08b308c9239b5119e35e314825d8d6b593d2415e7c4ca7fc00fcb7220b22dab0a1191dcf16a

Download Submit
\Users\Admin\AppData\Local\Temp\2.0.0.2\lz.dll

Filesize
76KB

MD5
91c0047d4d099d7c02049d92be5c2947

SHA1
dedb1ab7e3d765811b79154e4e9ad1370de60675

SHA256
0bf85a42e4d249152efa5da883ea0245b9b699c142a8bd19d31584c35591b080

SHA512
4041e240fcc3998c9fe3ecfbe198f8f5642561c9875304c273eca08b308c9239b5119e35e314825d8d6b593d2415e7c4ca7fc00fcb7220b22dab0a1191dcf16a

Download Submit
memory/1116-92-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/1116-96-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/1116-97-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/1452-64-0x0000000000340000-0x000000000034F000-memory.dmp

Filesize
60KB

Download
memory/1452-58-0x0000000075041000-0x0000000075043000-memory.dmp

Filesize
8KB

Download
memory/1452-54-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1452-60-0x0000000000330000-0x000000000033F000-memory.dmp

Filesize
60KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads